If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Make a shortcut to the program. Open this, and fool with the advance stuff; you can tell it to run under different credientails.

Now, from the code:

system("c:\whatever\...\shortcut.lnk");

will run your shortcut which will handle the credentials for you easily.

Could the user then exploit this to either figure out the admin password or replace the program I made with another program that he/she wants to run as administrator in the office for non-work related purposes?

I dont think so, depends on how good the person is. You should be able to lock down the shortcut file to execute only for the non-priveledged account via permisisons. I am not really sure how secure that actually would be though. It would aggravate a normal user, a skilled one may find a door here.

I think that anyone who can hack the shortcut, if you lock it up, could probably also hack an executable with a hex editor to read off the password or change the destination of the command. System calls in a program are not exactly secure =)

Edit: I was wrong, its been a while since I did this --- that shortcut feature has a menu for the user to say what account he runs the program as, then he has to enter the password, so it is no good for your application. Its for people you trust with your admin password only I guess.

All that to say I am not sure how to construct your object. Maybe google to find an example of the object in use or something... sorry I can't help with that one.